WO2006107542A3 - System and method for achieving machine authentication without maintaining additional credentials - Google Patents


Info

Publication number
WO2006107542A3
Authority
WO
WIPO (PCT)
Prior art keywords
machine
authentication
supplicant
server
pac
Prior art date
Application number
PCT/US2006/009195
Other languages
French (fr)
Other versions
WO2006107542A2 (en)
Inventor
Hao Zhou
Joseph Salowey
Nancy Cam-Winget
Original Assignee
Cisco Tech Inc
Priority date
2005-04-04
Filing date
2006-03-15
Publication date
2007-11-22
Application filed by Cisco Tech Inc
Priority to EP06738276.2A (EP1869820B1)
Publication of WO2006107542A2
Publication of WO2006107542A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129 Authenticate client device independently of the user

Abstract

A Machine Authentication PAC (Protected Access Credential) serves as the machine credential for obtaining network access, without requiring the server to store and manage an additional set of credentials. The first time authentication is performed, user authentication is executed. After the supplicant and server have mutually authenticated each other and satisfied the other validations, the supplicant requests a Machine Authentication PAC from the server. The server randomly generates a cryptographic key (the Device Key) and sends it to the supplicant together with an encrypted ticket, which comprises the Device Key and other information and is encrypted with a key known only to the server. The supplicant caches the Machine Authentication PAC in its non-volatile memory for future use. When the machine needs to access certain network services before a user is available, the supplicant uses the Machine Authentication PAC to obtain authorization for limited network access for the machine, without requiring user input.
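The following is an added example, written for this page and not code from the patent or from Cisco, that walks through the flow the abstract describes: the server mints a random Device Key, seals it into a ticket under a key only the server holds, hands both to the supplicant, and later recovers the Device Key from the presented ticket to authorize limited machine access without having stored anything per machine. The ticket layout (a JSON body with machine id, Device Key and expiry), the challenge/response proof of possession, and the sealing scheme (an HMAC-SHA256 keystream with encrypt-then-MAC, used here only as a stdlib-only stand-in for a real authenticated cipher such as AES-GCM) are this example's own assumptions, not details from the patent.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Optional, Tuple

# --- Sealing primitive (toy stand-in for an AEAD; assumption of this example) ---

def _derive(server_key: bytes, label: bytes) -> bytes:
    """Derive a sub-key from the server-only key for one purpose."""
    return hmac.new(server_key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream generator."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(server_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. Only the server can open it."""
    enc_key, mac_key = _derive(server_key, b"pac-enc"), _derive(server_key, b"pac-mac")
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(server_key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag first; a tampered or foreign ticket yields None, never plaintext."""
    if len(blob) < 16 + 32:
        return None
    enc_key, mac_key = _derive(server_key, b"pac-enc"), _derive(server_key, b"pac-mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

# --- Server: issue the Machine Authentication PAC after user authentication ---

def issue_machine_pac(server_key: bytes, machine_id: str, lifetime_s: int = 86400,
                      now: Optional[float] = None) -> Tuple[bytes, bytes]:
    """Return (Device Key, opaque ticket). The server keeps no per-machine state."""
    now = time.time() if now is None else now
    device_key = os.urandom(32)                      # randomly generated Device Key
    body = json.dumps({"machine_id": machine_id,
                       "device_key": device_key.hex(),
                       "issued": now,
                       "expires": now + lifetime_s}).encode()
    return device_key, seal(server_key, body)

# --- Supplicant: cached PAC is used later to prove possession of the Device Key ---

def prove_possession(device_key: bytes, machine_id: str, challenge: bytes) -> bytes:
    """Challenge/response over the Device Key; the key itself never leaves the machine."""
    return hmac.new(device_key, machine_id.encode() + challenge, hashlib.sha256).digest()

# --- Server: machine authentication using only the presented ticket ---

def authenticate_machine(server_key: bytes, machine_id: str, ticket: bytes,
                         challenge: bytes, proof: bytes,
                         now: Optional[float] = None) -> Optional[str]:
    """Recover the Device Key from the ticket, check expiry and the proof.

    Returns the access scope granted ('machine-limited') or None on any failure.
    """
    now = time.time() if now is None else now
    body = unseal(server_key, ticket)
    if body is None:
        return None
    info = json.loads(body)
    if info["machine_id"] != machine_id or now >= info["expires"]:
        return None
    expected = prove_possession(bytes.fromhex(info["device_key"]), machine_id, challenge)
    if not hmac.compare_digest(proof, expected):
        return None
    return "machine-limited"

if __name__ == "__main__":
    # Constructed demo values: a server key and one machine going through both phases.
    server_key = os.urandom(32)
    device_key, ticket = issue_machine_pac(server_key, "laptop-42")
    challenge = os.urandom(16)                       # fresh per authentication attempt
    proof = prove_possession(device_key, "laptop-42", challenge)
    print(authenticate_machine(server_key, "laptop-42", ticket, challenge, proof))
```

The property worth noticing is that `authenticate_machine` consults no database: everything it needs is inside the ticket, which it can trust because only it holds `server_key`. The flip side, which the abstract does not spell out, is that a stateless server cannot revoke a single ticket without adding state, so the `expires` field and a short lifetime are the primary control over a stolen PAC, and a server-key rotation invalidates every outstanding ticket at once.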

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP06738276.2A EP1869820B1 (en) 2005-04-04 2006-03-15 System and method for achieving machine authentication without maintaining additional credentials

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/098,637 US7640430B2 (en) 2005-04-04 2005-04-04 System and method for achieving machine authentication without maintaining additional credentials

Publications (2)

Publication Number Publication Date
WO2006107542A2 (en) 2006-10-12
WO2006107542A3 (en) 2007-11-22

Family

ID=37072015

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/009195 WO2006107542A2 (en) 2005-04-04 2006-03-15 System and method for achieving machine authentication without maintaining additional credentials

Country Status (3)

Country Link
US (1) US7640430B2 (en)
EP (1) EP1869820B1 (en)
WO (1) WO2006107542A2 (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8123616B2 (en) 2003-03-25 2012-02-28 Igt Methods and apparatus for limiting access to games using biometric data
US7867083B2 (en) * 2003-03-25 2011-01-11 Igt Methods and apparatus for limiting access to games using biometric data
US7828652B2 (en) 2004-02-12 2010-11-09 Igt Player verification method and system for remote gaming terminals
FR2887723A1 (en) * 2005-06-28 2006-12-29 France Telecom METHOD FOR OBTAINING CONFIGURATION DATA FOR A TERMINAL USING THE DHCP PROTOCOL
US8402525B1 (en) 2005-07-01 2013-03-19 Verizon Services Corp. Web services security system and method
US8200191B1 (en) * 2007-02-08 2012-06-12 Clearwire IP Holdings Treatment of devices that fail authentication
US8201231B2 (en) * 2007-02-21 2012-06-12 Microsoft Corporation Authenticated credential-based multi-tenant access to a service
US8510808B2 (en) 2008-01-08 2013-08-13 Microsoft Corporation Associating computing devices with common credentials
US7689700B2 (en) * 2008-01-08 2010-03-30 Microsoft Corporation Configuration of a peer group
US8635670B2 (en) * 2008-05-16 2014-01-21 Microsoft Corporation Secure centralized backup using locally derived authentication model
US20100083358A1 (en) * 2008-09-29 2010-04-01 Perfios Software Solutions Pvt. Ltd Secure Data Aggregation While Maintaining Privacy
US8490871B1 (en) * 2011-04-28 2013-07-23 Amazon Technologies, Inc. Method and system for product restocking using machine-readable codes
US8924711B2 (en) * 2012-04-04 2014-12-30 Zooz Mobile Ltd. Hack-deterring system for storing sensitive data records
US9077772B2 (en) 2012-04-20 2015-07-07 Cisco Technology, Inc. Scalable replay counters for network security
US8800010B2 (en) 2012-04-20 2014-08-05 Cisco Technology, Inc. Distributed group temporal key (GTK) state management
US9208295B2 (en) 2012-10-16 2015-12-08 Cisco Technology, Inc. Policy-based control layer in a communication fabric
US9378274B2 (en) 2013-06-10 2016-06-28 Cisco Technology, Inc. Object filtering in a computing network
CN103825742A (en) * 2014-02-13 2014-05-28 南京邮电大学 Authentication key agreement method applicable to large-scale sensor network
WO2017048278A1 (en) * 2015-09-18 2017-03-23 Longsand Limited Communicate with server using credential
US20170140134A1 (en) * 2015-11-16 2017-05-18 Welch Allyn, Inc. Medical device user caching

Citations (1)

Publication number Priority date Publication date Assignee Title
US5757920A (en) * 1994-07-18 1998-05-26 Microsoft Corporation Logon certification

Family Cites Families (5)

Publication number Priority date Publication date Assignee Title
US6088451A (en) * 1996-06-28 2000-07-11 Mci Communications Corporation Security system and method for network element access
US6189100B1 (en) * 1998-06-30 2001-02-13 Microsoft Corporation Ensuring the integrity of remote boot client data
US7257836B1 (en) * 2000-04-24 2007-08-14 Microsoft Corporation Security link management in dynamic networks
US7580972B2 (en) * 2001-12-12 2009-08-25 Valve Corporation Method and system for controlling bandwidth on client and server
US7549048B2 (en) * 2004-03-19 2009-06-16 Microsoft Corporation Efficient and secure authentication of computing systems

Also Published As

Publication number Publication date
EP1869820B1 (en) 2019-05-08
EP1869820A4 (en) 2014-12-10
EP1869820A2 (en) 2007-12-26
US7640430B2 (en) 2009-12-29
US20060224890A1 (en) 2006-10-05
WO2006107542A2 (en) 2006-10-12

Similar Documents

Publication Publication Date Title
WO2006107542A3 (en) System and method for achieving machine authentication without maintaining additional credentials
EP2731043B1 (en) Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method
CN1770688B (en) User authentication system and method
US8549298B2 (en) Secure online service provider communication
US20190205547A1 (en) Providing and checking the validity of a virtual document
EP2420036B1 (en) Method and apparatus for electronic ticket processing
US20050137889A1 (en) Remotely binding data to a user device
US20120144472A1 (en) Fraud Detection
WO2002073861A3 (en) Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys
CN1987885A (en) Computer implemented method for securely acquiring a binding key and securely binding system
CN105430014B (en) A kind of single-point logging method and its system
CN101999125A (en) System and method for improving restrictiveness on accessingsoftware applications
CN104767731A (en) Identity authentication protection method of Restful mobile transaction system
US8397281B2 (en) Service assisted secret provisioning
JP2014508456A5 (en)
CN101541002A (en) Web server-based method for downloading software license of mobile terminal
RU2013140418A (en) SAFE ACCESS TO PERSONAL HEALTH RECORDS IN EMERGENCIES
JP2006190175A (en) Rfid-use type authentication control system, authentication control method and authentication control program
JP2011012511A (en) Electric lock control system
EP1843274B1 (en) Digital rights management system
US20080229433A1 (en) Digital certificate based theft control for computers
US20070204167A1 (en) Method for serving a plurality of applications by a security token
JP2009290508A (en) Electronized information distribution system, client device, server device and electronized information distribution method
EP2920732B1 (en) Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method
Avdyushkin et al. Secure location validation with wi-fi geo-fencing and nfc

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
NENP Non-entry into the national phase (Ref country code: DE)
WWE WIPO information: entry into national phase (Ref document number: 2006738276; Country of ref document: EP)
NENP Non-entry into the national phase (Ref country code: RU)